• Ask A Question

    Ask us a question







    Please enter correct format as below:
    If AMERICA: yyy-yyy-yyyy ext123
    If Other: +yy-yyy-yyyyy ext123








    Captcha Code

  • Newsletter

keyAuthority

keyAuthoritySecurity-hardened, standards-based key management appliance

 Benefits

• Automate encryption key management
• Reduce the risk of security breaches
• Achieve compliance and audit goals
• Meet continuity and retention policy
• Reduce costs of managing encryption
• Simplify deployment and management

Partner Resources

Thales Encryption Manager for Storage (TEMS), CryptoStor Tape and KeyVault are Thales’ previous generation of tape encryption and key management hardware that pioneered an appliance approach to data storage security. Thales is now partnering with leading encryption application partners to offer keyAuthority as a next generation solution. We invite you to learn more about the current enterprise key management appliance and supported encryption products.



 

Organizations are under pressure to protect information and support regulatory mandates that reduce risks to sensitive data. Failing to do so can be devastating, including costly penalties, remediation expenses and damaged business reputation. While encryption is a well-proven method to control exposure of data, application managers must decide how best to deploy and manage encryption across a diverse IT environment, and prove to auditors that effective security controls over encryption keys are in place.

Devices, such as tape libraries, disk arrays and SAN switches, now include embedded cryptography. However, without reliable key management, the cost and complexity of deploying and managing encryption can stall adoption. When planning a data protection strategy, both business continuity and reliable data access cannot suffer. A systematic and simplified approach is needed to automate key lifecycle controls, while ensuring long-term key protection.

Thales e-Security keyAuthority® is a standards-based, FIPS-designed key manager that enables high assurance key management across classes of encrypting devices. The appliance supports standards-based protocols, as well as legacy interoperability, with leading encryption products. Administration is centralized for consistent key lifecycle management and auditing, while ensuring that business continuity and data recovery requirements are met. Pre-qualified support for industry-leading encryption products and devices delivers a comprehensive, integrated solution that grows with enterprise needs.
 

 

Click Here to View Webinar

 

Features

Security-hardened, high-performance appliance
Attack-resistant and tamper-evident hardware chassis designed to FIPS 140-2 level 3 specifications; optimized performance for large-scale, globally-distributed enterprise environments.

Standards-based and legacy key management protocol support
Unified management over heterogeneous encryption applications across IT infrastructure with extensibility to support new standards-based, encrypting devices and legacy applications.
 
Automated key replication, backup, and recovery
Ensure long-term, reliable access to data with automated key replication and secure backup of encryption keys to offsite and recovery data centers.

Certified encryption partner device integration
Tested and validated support from Thales and technology partners for a full range of encryption solutions.

Separation of duties
Separation of administrative roles ensures that no single user has over-privileged access to compromise encryption key integrity.

Domain and group separation
Key sharing and device groups support multi-tenancy to enable cloud applications while avoiding conflicts of interest when centrally hosting key management services for multiple domains.

Logging and reporting
Administrative and system functions are centrally logged for a quick response to routine audits and ad hoc inquiries, with the ability to provide alerts for system availability or attempts to compromise the appliance.

Secure audit facility
Tamper-resistant, hardware-based logging facility enables traceability of all actions, authenticated export of log data, and role-based access to auditing to avoid compromising data integrity.

 

Specifications

Key management protocols

  • Standards-based and proprietary support for switch, tape, and disk encrypting devices
  • IBM disk and tape products (TKLM-compatible)
  • NIST key lifecycle key states supported

Management framework

  • Internet Explorer and Firefox compatible web-based GUI, SSH and command line interface (CLI)
  • Multiple administrator roles for separation of duties (Smart Card authentication option)
  • M of N system key sharing for quorum backup and recovery to smart cards
  • Key groups and domains separation with an ability to set key sharing and device trust relationships
  • Policy-based key lifecycle best practices with fine-grained encryption management (e.g, per-tape, per-LUN)
  • Up to 25 million keys for heterogeneous applications,1024 mixed endpoint devices, supported

Physical appliance attributes

  • 2U appliance, 30 lbs (13.6 kg), 19" rack mountable (17" x 30" x 3.5"; 432mm x 762mm x 89mm)
  • Hot-swappable, redundant fans and universal power supplies
  • 100/240 VAC, 50/60 Hz, 460

 

Related Resources

Analyst Reports

White Papers


  • keyAuthority with IBM TKLM
    Reduce the risk of data breaches with integrated IBM storage encryption and Thales high assurance key management.

Solution Sheets

Related Data Sheets


  • keyAuthority
    keyAuthority automates and centralizes lifecycle encryption key management for enterprises.

Webinars


  • Storage Security
    This webinar demonstrates our enterprise key management solution in a data center storage environment.